"Any from Firebox-00" traffic still logged even if checkbox is unchecked in diagnostic setup

Hello,

My firewall is sending a lot of "useless" logs to my splunk instance and i tried to remove it without success (to reduce the future needed daily indexed license...).

Any idea of what i could have missed ?

Thanks,

Florent

Comments

  • edited July 2021

    NB : setup / logging / Diagnostic log level / "Enable Logging from traffic sent from this device" has been unchecked.

  • Seems that the second checkbox did the job : "Enable logging for reports for traffic sent from this device (Fireware OS version 11.10.5 and higher)".

  • remaining question : what is the goal of the first checkbox then ?

  • Traffic Monitor only - not for reports

Sign In to comment.